## -*- mode: html; coding: utf-8; -*-
## This file is part of CDS Invenio.
## Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008 CERN.
##
## CDS Invenio is free software; you can redistribute it and/or
## modify it under the terms of the GNU General Public License as
## published by the Free Software Foundation; either version 2 of the
## License, or (at your option) any later version.
##
## CDS Invenio is distributed in the hope that it will be useful, but
## WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
## General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with CDS Invenio; if not, write to the Free Software Foundation, Inc.,
## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.

<!-- WebDoc-Page-Title: WebAccess Table Structure -->
<!-- WebDoc-Page-Navtrail: <a class="navtrail" href="<CFG_SITE_URL>/help/hacking">Hacking CDS Invenio</a> &gt; <a class="navtrail" href="webaccess-internals">WebAccess Internals</a> -->
<!-- WebDoc-Page-Revision: $Id$ -->

<pre>
Explanation of the WebAccess table structure and how to create authorizations.

-- accROLE --

roles are collections of authorizations within specified areas. these should
have a clear connection, for example within a module or for a special type of
person, e.g a library administator.

              id - specify the id of the role

            name - unique name for the role

     description - describe the authorization tasks the role will cover

firerole_def_ser - precompiled serialized firewall like role definition (firerole)

firerole_def_src - definition text source for repairing after Python upgrades


-- user_accROLE --

give users access to the authorizations/actions provided by the given role.

   id_user - id of user in the database, usually just the CFG_SITE_SUPPORT_EMAIL and/or CFG_SITE_ADMIN_EMAIL

id_accROLE - id of role from accROLE


-- accACTION --

the actions specify what information is needed to create an authorization.
an action can take any number of arguments, and you also have the possibility to
make these arguments optional.

             id - specify the id of the action

           name - unique name for the action

    description - describe authorization area

allowedkeywords - the keywords for the wanted arguments

       optional - enum to define wether arguments can be optional
                  value: ['yes', 'no']

                  'no'  - action without arguments or not optional arguments
                  'yes' - only actions with arguments


-- accARGUMENT --

arguments for the authorizations. one entry might be shared by several authorizations,
so it is important to not change these but simply add new ones when a change is needed.

     id - id of the argument

keyword - the one listed in an action's allowedkeywords

  value - the value connected to the keyword in an keyword=value argument pair


-- accROLE_accACTION_accARGUMENT --

ternary connection to create authorizations. when an authorization has more than
one argument they need to be connected somehow. the same id for role, action and
argumentlist does this. there must be at least as many entries as allowedkeywords
for the action. with more entries all authorizations are found using a cross product.

id_accARGUMENT and argumentlistid are both set to 0 when the action have no arguments.
with optional arguments they are both set to -1.

    id_accROLE - reference to argument in table accROLE

  id_accACTION - reference to argument in table accACTION

id_accARGUMENT - reference to argument in table accARGUMENT

argumentlistid - glue to bind entries into authorizations.


</pre>

